CAP - Certified Authorization Professional

An In-Demand Position for the In-Control Individual

The Certified Authorization Professional (CAP) certification is an objective measure of the knowledge, skills and abilities required for personnel involved in the process of authorizing and maintaining information systems. Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements and documentation. Their decisions will ensure that information systems possess security commensurate with the level of exposure to potential risk, as well as damage to assets or individuals.

The CAP credential is appropriate for commercial markets, civilian and local governments, and the U.S. Federal government including the State Department and the Department of Defense (DoD). See CAP and DoD 8570. Job functions such as authorization officials, system owners, information owners, information system security officers, and certifiers as well as all senior system managers apply.

The CAP examination tests the breadth and depth of a candidate’s knowledge by focusing on the 7 domains of the CAP CBK:

  1. Risk Management Framework (RMF)
  2. Categorization of Information Systems
  3. Selection of Security Controls
  4. Security Control Implementation
  5. Security Control Assessment
  6. Information System Authorization
  7. Monitoring of Security Controls

CAP Exam Information

Length of exam     3 hours
Number of questions 125
Question format Multiple choice questions
Passing grade 700 out of 1000 points
Exam Language English
Testing center Pearson Vue Testing Center
Study tools

Official (ISC)² Guide to the CAP CBK Textbook  

Official (ISC)² training seminar

Interactive Flashcards

Exam outline


For more information on the CAP certification, download the CAP Brochure.  

All (ISC)² certifications, except CCFP, are accredited by the American National Standards Institute (ANSI) to be in compliance with the International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 17024 Standards. Why is accreditation important when choosing a certification program? Visit the Institute for Credentialing Excellence website.

Need More Information?





Logo CAP
certs chart top

 orange line

White Paper

Making the Most of the
Risk Management Framework

Download Now  

orange line